CVE-2022-4886
CVSS V2 None
CVSS V3 None
Description
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Overview
- CVE ID
- CVE-2022-4886
- Assigner
- kubernetes
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-25T19:18:45.982Z
- Last Modified Date
- 2023-10-25T19:18:45.982Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/kubernetes/ingress-nginx/issues/10570 | issue-tracking |
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI | mailing-list |
http://www.openwall.com/lists/oss-security/2023/10/25/5 | |
https://security.netapp.com/advisory/ntap-20240307-0013/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4886 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4886 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 16:41:07 | Added to TrackCVE |